TM1 Forum

Is it possible to setup TM1 Security in such a way that a User is able to Create Cubes and Create Dimensions, but not able to create processes??

Only by granting users read access to TI processes that do the job of the actual dimension and/or cube creation from parameterized inputs.

I havent tested this yet but what happens if you try to add ADMIN access to a dimension? It's not greyed out as an option when setting dimension security. This wouldn't allow you to create one from scratch Im assuming but would it allow an end user to add and modify elements without using a TI?

Your original post said "CREATE" so the answer is no, you can't do that unless either 1) you are a member of the group ADMIN or 2) someone who is an ADMIN has created a TI process that does the heavy lifting of the cube and/or dimension creation process and then given you at least READ access to it. Granting ADMIN access to a dimension will let you modify it or delete it, but not create any new ones. I'm not sure what granting ADMIN access to a cube will do since you can't change a cube, only delete and re-create, which this would not give you.

tomok wrote:Granting ADMIN access to a dimension will let you modify it or delete it, but not create any new ones. I'm not sure what granting ADMIN access to a cube will do since you can't change a cube, only delete and re-create, which this would not give you.

Actually I am pretty sure that ADMIN level security rights to a dimension or cube for a group (where members are not also members of the ADMIN group) will NOT give users permission to delete the object. What admin access will do in the case of a dimension is to create, delete, modify and publish public subsets. The same goes for admin level access to a cube except with views not subsets. In quite limited circumstances this can be quite useful functionality. You often hear people say (including consultants) that only global admins have the ability to create and modify public subsets and views but this is not true strictly speaking. The other ability that members of a group with admin access to a cube or dimension have is the ability to apply or release a lock or hold on the object.

I did not get answer i am seeking

If i have give a user Admin Access, than yes users will be able to create cubes, dimensions and processes

However my goal is to allow a user to create Cubes, Dimensions but disallow them to Create Processes and Chores

Is it possible?

dwsupport wrote:I did not get answer i am seeking

If i have give a user Admin Access, than yes users will be able to create cubes, dimensions and processes

However my goal is to allow a user to create Cubes, Dimensions but disallow them to Create Processes and Chores

Is it possible?

I'm sorry, could you clarify which part of Tomok's answer:

Tomok wrote: you can't do that unless either 1) you are a member of the group ADMIN or 2) someone who is an ADMIN has created a TI process that does the heavy lifting of the cube and/or dimension creation process and then given you at least READ access to it.

(my emphasis) didn't give you the answer you are seeking? It may not have been the answer that you wanted to hear, but life's like that sometimes.

The process concerned will obviously need to have parameters which allow the user to specify what to create.